Tag: errata

Robert Graham, the CEO of Errata Security, surprised attendees by hijacking a Gmail session on camera and reading the victim's email. He went even further by demonstrating the attack to us in person, taking over another journalist's Gmail account and then sending us sheep-loving emails.

Now you know why it's dangerous to check your web email at a public hotspot or over an open Wi-Fi connection. To avoid problems, use an HTTPS session and connect only over secure Wi-Fi.

From the article:

The attack is actually quite simple. First Graham needs to be able to sniff data packets and in our case the open Wi-Fi network at the convention fulfilled that requirement. He then ran Ferret to copy all the cookies flying through the air. Finally, Graham cloned those cookies into his browser – in easy point-and-click fashion – with a home-grown tool called Hamster.

The attack can hijack sessions in almost any cookie-based web application and Graham has tested it successfully against popular webmail programs like Google's Gmail, Microsoft's Hotmail and Yahoo Mail. He stressed that since the program just uses cookies, he only needs an IP address and usernames and passwords aren't required.
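
The sniffing described above depends on the session cookie crossing the network in cleartext, which a cookie without the `Secure` attribute will do on any plain HTTP request. As an added example (not from the article or from Errata Security), this Python code audits `Set-Cookie` headers for the `Secure` and `HttpOnly` attributes; the cookie names, values and domain are constructed samples.

```python
# Added example: audit Set-Cookie headers for attributes that keep session
# cookies off cleartext HTTP. All header values below are constructed samples.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure have no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return a list of findings for one Set-Cookie header value."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        # Without Secure the browser also attaches the cookie to http:// requests.
        findings.append(f"{name}: no Secure attribute, sent over plain HTTP too")
    if "httponly" not in attrs:
        findings.append(f"{name}: no HttpOnly attribute, readable by page scripts")
    return findings


def audit_response(set_cookie_headers):
    """Audit every Set-Cookie value from one response; map name -> findings."""
    return {parse_set_cookie(h)[0]: audit_cookie(h) for h in set_cookie_headers}


# Constructed sample: one cookie exposed to sniffing, one hardened.
SAMPLE_HEADERS = [
    "SID=abc123; Path=/; Domain=mail.example.test",
    "__Host-SID=def456; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for cookie, issues in audit_response(SAMPLE_HEADERS).items():
        print(cookie, "OK" if not issues else issues)
```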